CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9342

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile41.88th
PublishedDec 8, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.

Affected Platforms (CPE)

πŸ“¦
F5

Big Ip

= 11.3.0

References & Advisories

πŸ”— http://secunia.com/advisories/62000
πŸ”— http://www.securityfocus.com/archive/1/534137/100/0/threaded
πŸ”— https://support.f5.com/csp/article/K15939
πŸ”— https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html
πŸ”— http://secunia.com/advisories/62000
πŸ”— http://www.securityfocus.com/archive/1/534137/100/0/threaded
πŸ”— https://support.f5.com/csp/article/K15939
πŸ”— https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html

Related Vulnerabilities

CVE-2000-063810.0

bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HO...

CVE-2021-230319.9

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 1...

CVE-2021-229879.9

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12....

CVE-2019-66099.8

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, A...